Driven by necessity, Mozilla to enable HTML5 DRM in Firefox

Browser company fearful that users would follow Netflix to other browsers.

Mozilla announced today that it will follow the lead of Microsoft, Google, and Apple and implement support for the contentious HTML5 digital rights management specification called Encrypted Media Extensions (EME).

The organization is partnering with Adobe to make the change. Mozilla will provide the hooks and APIs in Firefox to enable Web content to manipulate DRM-protected content, and Adobe will provide a closed source Content Decryption Module (CDM) to handle the decryption needs.

For a group that's committed to open standards and open source, this was a difficult decision. DRM, which tends to restrict fair use access to copyrighted content, and closed source modules both run counter to Mozilla's goals. Explaining the decision, Mozilla Foundation CEO Mitchell Baker argued that the decision was driven by necessity. With Internet Explorer, Chrome, and Safari all enabling EME, Mozilla faced a problem: if it refused to support EME, it risked driving users seeking to watch DRM-protected content to other browsers.

That streaming media companies want to use EME is beyond doubt. Netflix, for example, offers an HTML5-based player using EME as an alternative to its Silverlight-based front-end. This HTML5 player works in both Chrome and Internet Explorer 11. Baker argues that users will tend to follow the content and hence switch to these browsers whenever they want to watch protected content. This in turn leads those users to question the use of Firefox entirely.

This push for HTML5 and EME is likely to accelerate, too. Google is trying to deprecate support for browser plugins, a move that will, in time, eliminate both Silverlight and Flash as delivery mechanisms for DRM-protected content. For broadcasters that want to target the Web, EME will be the only practical option. This will increase the pressure faced by Mozilla.

As much as Mozilla as an organization may dislike DRM, and as much as it may believe the EME specification to be flawed, Baker says that Mozilla cannot change the industry alone. As such, it needs to support DRM, too. The choice of whether to use the DRM facilities will be left to the end user, and those who do not want to use it can elect not to activate it. The CDM will not actually be distributed with Firefox, either; if users elect to use it, it will be downloaded from Adobe.

In a more technical post, Mozilla CTO Andreas Gal outlines some of the ways that the Firefox developers have tried to isolate the Adobe CDM to ensure that this closed source black box cannot breach user privacy or undermine system security. The CDM is run in an isolated sandbox without access to the network or the user's hard drive.

HTML5's DRM system also includes a unique identifier that content providers can use to identify devices. Mozilla has taken pains to make this as minimally invasive as possible. Firefox will give each site a unique ID, preventing providers from tracking users across multiple sites. The ID will also not disclose any details of the underlying hardware.

As a silver lining, Gal writes that implementing EME will make it easier for Mozilla to phase out support for general purpose plugins, as HTML5 DRM eliminates one of the biggest use cases for these plugins.

In some ways, the DRM issue mirrors the earlier video codec issue. For a long time, Mozilla refused to implement support for H.264-encoded video because of the licensing and patent issues associated with that compression algorithm. But driven by the need to play back the video that was abundant on the Web—and the battery efficiency that comes from leveraging hardware-accelerated H.264 playback—the group eventually relented.

There are some similarities in the way Mozilla has chosen to resolve the issue, too. For H.264 support, Firefox defers to third-party code that's often closed source: the built-in H.264 codecs available on Windows and OS X and the hardware support found in the chips used in tablets and smartphones.

In both cases, Mozilla found itself unable to change the direction of media industry juggernauts. DRM, like H.264, is entrenched in the video industry, and the proliferation of apps strongly suggests that content producers would sooner give up the Web before giving up content protection. Combined with a userbase that seems largely indifferent to the concerns raised—Netflix users are demonstrably willing to use DRM, for example—Mozilla's leverage is minimal at best.

This is not to say that the organization has not tried. Mozilla has pushed watermarking as a superior alternative to DRM, but this approach seems to have done little to interest content owners. Without some large user-driven pushback against DRM, it's hard to see this situation changing.

Promoted Comments

Funny how psychology works. I have no problem with Netflix using DRM, because it's very clear that their offering is like a "channel", to which you have unlimited access during the time you pay for the subscription.

On the other hand, I highly resent DRM in things like ebooks that I've paid for, because I've bought them and they should be MINE, perpetually.

169 Reader Comments

Whether or not this particular DRM really achieves its goals is completely moot to me, personally, as long as it 'just works.' DRM-enabled Silverlight worked just fine for Netflix for years, so DRM is not necessarily 'bad' in the sense that it affects the end-user experience -- but this is a good thing because it will lead to proper Linux support for Netflix, which is literally the ONLY reason I am not running SteamOS on my HTPC (and Silverlight replacements don't work well enough).

Speaking of which, this article and others online claim that Netflix has had HTML5 support since last Fall -- but does it work in Linux yet, and if not, why not?

Companies, developers, and artists should have a right to protect their content, even if the populace doesn't agree that they can't have it for free. Everything can't be free and open, the core technologies maybe, but the content should be able to be protected somehow.

Speaking of which, this article and others online claim that Netflix has had HTML5 support since last Fall -- but does it work in Linux yet, and if not, why not?

Because it only works on Windows using a Microsoft provided CDM. You didn't think this move to DRM-enabled HTML5 would expand platform support, did you? This will simply expand the ability for "licensing efforts" to further push baseless differentiation between desktop PCs, tv-attached devices, and mobile of any kind. Yes I'm watching on my tablet, no that shouldn't mean a goddamn thing.

Companies, developers, and artists should have a right to protect their content, even if the populace doesn't agree that they can't have it for free. Everything can't be free and open, the core technologies maybe, but the content should be able to be protected somehow.

By demanding that end user systems enforce security hostile to the platform owner? That's broken. The proper course of action is to change business models, which is the problem not of the end user but the business in question.

Probably not hard. It wouldn't be a surprise if it is cracked soon after implementation, like every other DRM scheme has been so far.

It doesn't have to be hard. The DMCA makes it illegal to circumvent the protection no matter how brain-dead stupid that protection may be, and it makes distributing code that circumvents the protection a crime, so even if it were a simple matter to write a drop-in replacement for Adobe's module that decrypts the video without you paying, it's illegal under DMCA and you will pay fines well out of proportion to the crime if you get caught. Hell, Adobe could open-source their module (not that they would) and if you hack it to get around the DRM you're breaking the DMCA.

Stupid law written by stupid people who don't understand the underlying technology to prop up a stupid industry dependent on failing last-millennium business models.

Companies, developers, and artists should have a right to protect their content, even if the populace doesn't agree that they can't have it for free. Everything can't be free and open, the core technologies maybe, but the content should be able to be protected somehow.

Frankly, I rarely buy DVDs and Blu-ray movies anymore. I'm sick and tired of being treated like a criminal by the people who take my money. They charge way more than the disk is worth and give damn little to the artists who created the work, keeping the lion's share for themselves - and they insult me in the process. I'd much rather buy the works directly from the artists at the artist's web sites.

Well, the thin end of the wedge has been inserted. Expect more and more sites to take advantage of this DRM. If it's successful enough, it might even spread to non-video data.

I expect to see it used in lieu of a paywall on TV station's sites, on YouTube, etc. Maybe not for all videos, but for some. Here's a free 3 minute teaser; if you want the full 15 minutes, enter your credit card number.

DRM in HTML5 makes sense, as much as open source people might hate it. What we have now is plugins to give DRM. If there was no DRM in HTML5, there would still be plugins. Excluding DRM from HTML 5 doesn't mean people won't use DRM, it means they won't use HTML5.

Since it's part of the standard, that means Firefox should support it as much as possible. HTML5 with DRM is better than HTML5 with no DRM, and then 500 plugins for various websites for their DRM.

DRM won't go away whether HTML5 does or doesn't include it, and whether Firefox does or doesn't include it.

But this Adobe module you need to download for the EMEs to work sounds an awful lot like a plugin.

Closed source? Yep
Made by someone other than the browser developer? Yep
Can't be checked for malware/security flaws/privacy violations by the browser developer? Yep
Can't be supplied by the browser developer on every platform they support? Yep

I'd personally argue that free to play in games isn't great for the consumer in all cases though. It results in a ton of un-played games, micro transactions and lack of involvement. I'd personally rather pay for something decent (emphasis on pay for something decent and not crap) that is worth my time and might actually be completed.

No DRM would be great if people were honest, companies weren't shortsighted etc but human nature is unlikely to fix short term. I just don't see what option a company streaming content has to get the rights to do it without enabling DRM? I know that everything is pirated on release and can be obtained very easily but at least the value of the Netflix, Prime, NowTV etc means that it's almost more hassle than it's worth. Sadly I say that having a friend who drives me nuts, slagging off anything that isn't a £1600 Apple product but who never pays for a single thing he watches, not a rental, cinema viewing or even the tiny £7 a month Netflix Price. This person isn't unique, expects the entire film industry to be working for them and then has the temerity to slag off films he has pirated. I wish someone would go to his workplace, copy his work, sell it for free and see how he feels about that. Yes DRM is a pain for those of us who value someone's work, but what is the solution in an age of people who expect things for free?

There was an article on NPR yesterday that discussed the possible Apple buy of Beats. They branched off into a discussion of how Hip Hop artists have morphed themselves into businesses where the music is a loss leader and the profit is made selling shoes, clothes, accessories - even lint rollers! And in Dr. Dre's case, headphones.

DRM amazingly doesn't stop piracy, believe it or not. Most of the pirates either employ side-channel attacks to get at the protected media in a way that DRM has no chance at all to stop, or for the DRM that isn't implemented so well, they just break it.

DRM isn't about stopping piracy. To take your example, I have personally played pirated free to play games, so pirated because you got all the addon costumes for free (plus levelling curve was much reduced). This is a fact of life; no matter what pricing model you use, some part of the populace will not be willing to pay it, even if it is free.

No, DRM is about implementing a business model. It is to implement the glory days of media distribution, where people would buy LaserDisc, VHS, DVD and BluRay versions of Star Wars. It's to sidestep the whole issue that digital data can last forever, unlike a physical disc. What good is 150 years of copyright if one copy you sell can be passed down through the generations on the family cloud?

With DRM, you have such awesome features as planned obsoleteness (this service is no longer available), platform resale (now for Windows Phone), account lock-in (this person is dead/account deleted. Please buy again), pay-per-view, different price model depending on screen (unlock on TV for only 99¢ extra) and whatever other restriction that a focus group in a meeting room can cook up.

DRM is inconvenient by design. It is made to be inconvenient, so that you can pay the source of the inconvenience to (temporarily) remove the inconvenience. That is creating a business model.

This. Disney's goal is to get back to the 1970s, where you had to pay every time you watched one of their movies, or put up with ads to watch it on TV.

DRM amazingly doesn't stop piracy, believe it or not. Most of the pirates either employ side-channel attacks to get at the protected media in a way that DRM has no chance at all to stop, or for the DRM that isn't implemented so well, they just break it.

DRM isn't about stopping piracy. To take your example, I have personally played pirated free to play games, so pirated because you got all the addon costumes for free (plus levelling curve was much reduced). This is a fact of life; no matter what pricing model you use, some part of the populace will not be willing to pay it, even if it is free.

DRM is inconvenient by design. It is made to be inconvenient, so that you can pay the source of the inconvenience to (temporarily) remove the inconvenience. That is creating a business model.

I'm not disagreeing.

Sure, as I was growing up, DRM was explained to me as a way of securing stuff against piracy, but it's pretty plain to see that the reason DRM is so woefully inadequate is because the point is not security; it's to secure purchases. It's about money. Great effort has been expended to include some 'security' into more modern flavors of DRM, which the more clever pirates have summarily broken or sidestepped, as they always seem to do.

This is also why I assert that DRM is a waste of time, better and more inclusive business models are what are going to actually help these companies make sustainable profits. You will never eliminate the fact that there are people who want what you've got and simply won't pay for it; all you can do is take as many measures as possible to reduce that number.

As far as Mozilla is concerned, I agree that the politics of the situation forces them to play this game; if they don't implement HTML5 DRM, someone else will (Google, Microsoft, someone) and get the payout that companies and guilds will shell out. Unfortunately for all concerned, I think the truth is that this is a false economy, and really isn't buying anyone much of anything.

I hope people with greater wisdom appear in all areas - content creation, distribution, consumption, and even among the pirates - and come up with a better solution so that we can quit wasting our freaking time on this.

Well, the thin end of the wedge has been inserted. Expect more and more sites to take advantage of this DRM. If it's successful enough, it might even spread to non-video data.

I expect to see it used in lieu of a paywall on TV station's sites, on YouTube, etc. Maybe not for all videos, but for some. Here's a free 3 minute teaser; if you want the full 15 minutes, enter your credit card number.

Even then, there's still nothing stopping them from feeding you 10 minutes worth of commercials that you have to view before your video.

Sure, as I was growing up, DRM was explained to me as a way of securing stuff against piracy, but it's pretty plain to see that the reason DRM is so woefully inadequate is because the point is not security; it's to secure purchases. It's about money. Great effort has been expended to include some 'security' into more modern flavors of DRM, which the more clever pirates have summarily broken or sidestepped, as they always seem to do.

This is also why I assert that DRM is a waste of time, better and more inclusive business models are what are going to actually help these companies make sustainable profits. You will never eliminate the fact that there are people who want what you've got and simply won't pay for it; all you can do is take as many measures as possible to reduce that number.

[...]

I think there is a slight difference in our interpretations, actually. DRM is about security; namely, job security. In that sense, DRM is not a waste of time, and has not been a waste of time, as the vast majority of consumers (aka, those that create profits for content providers) have pretty much bought in to it (or, rather, bought the products that contain it).

You and I might realise there is no technical barrier for why an H.264 video would not be playable on a TV, computer, phone, or anything else with a CPU/GPU capable of decoding it, but for slightly less technologically savvy consumers, this is about as self-evident as putting a DVD into a toaster, pressing down on the handle, and expecting Iron Man to start playing out of the side.

DRM is an ingenious way to play on the expectation that interoperability is an additional feature and not a baseline requirement. This is doubly ironic as the media itself is encoded with an industry standard designed specifically to promote interoperability. But I digress.

By and large, DRM means profit. Until such time that a greater profit can be acquired without the use of DRM, it is not a waste of time for the people who derive that profit. To achieve that, however, we most likely need a seismic shift in the entire media funding/production/distribution model, so the income is derived from the production and not the distribution. This means the arrival of "Free to Play" to videos (cf: Colbert/T-Mobile), the re-emergence of patronage, or something completely different. Once the financial incentive is shifted, though, from limiting distribution to encouraging it, then DRM will become a liability instead of an asset.

Why, oh why is this unadulterated spin continually being trotted out? Maybe Peter receives a crate of 5 year old Sauvignon every time he trots another article uncritically supporting the EME proposal.

EME is another plugin interface for God's sake. This won't get rid of plugins. Online video may be a big user of Flash, but isn't anywhere near 50% of usage. I see far more Flash Block icons than I see videos. All this new interface will do is provide another niche for the things to breed in.

That said, it may be Mozilla has found a way out of this DRM mess. My chief concern about all of this is they were breaking the core property of HTML and the web that made it useful. It works on every device. We have had various attempts at building platforms like this - like Java VM and Qt, but this is the first such attempt that worked. EME plugins that only work on one device or OS would break it.

Maybe, just maybe, Mozilla has come up with a way around that. If Adobe's plugin works on everything, or at least on everything that Firefox runs on - BSD, Linux, OSX, Android, yada, yada, then good on Mozilla - you may have just saved the web, again. Last time round you saved it from Microsoft using dumb browsers to protect their Windows monopoly.

But then again, maybe we won't. If we end up with a cluster fuck where IE comes with Microsoft's EME plugin, Chrome comes with Google's EME plugin, Firefox comes with Adobe's, all subtly incompatible, then content providers will most likely just choose one of them. And we will be back to having to view content by choosing the device, OS, and browser the provider settled on. I do hope the W3 has thought this through. But nothing I've read anywhere gives any hint they have done so.

Companies, developers, and artists should have a right to protect their content, even if the populace doesn't agree that they can't have it for free. Everything can't be free and open, the core technologies maybe, but the content should be able to be protected somehow.

No, they aren't trying to protect their content, but they are trying to protect a business model with a hole in it the size of a Death Star. Also, everything certainly can be free and open. You just need to leverage the right business model.

And then you get like what iTunes Preview is - a web page that links to an app.

And now what do you have in the end? An app-ified webpage, where every Google search really is a search for an app you must install to see the content. Heck, there are Google apps, too.

The web will just become a means to distributing apps, and really we're on the cusp of it really taking over the web. You can't really browse websites on your tablet or phone without sites asking you to install their apps. Netflix promotes their apps on their site. etc.

And for the record, Apple originally developed the iPhone to have web-based apps written in HTML5.

Wow, that's an industry fail. Mozilla's position is understandable but I would have loved to see what happened if MS, Google, Apple and Mozilla dropped plugins and denied EME. In other words, if they moved towards a more open web instead of a more closed one.

Browser company fearful that users would follow Netflix to other browsers.

Wouldn't lose me. I watch Netflix on Roku or Windows 8 metro app on my tablet. Even using Android app on my phone. I do not watch Netflix in a web browser. If I stream video in a web browser, I am probably on a service that does not have an app for one of those 3 devices and is a site unlikely to even use DRM.

This is my feeling exactly. Let them abandon the web. I just don't watch the content if my open source browser can't play it. I don't run any proprietary plugins. If I want to watch something that requires a proprietary plugin (HTML5 EME, whatever), I use a DVD player or stream it to Roku. Period.

Firefox is making a rational decision to support HTML5 EME. I think they are making the right decision. And like always, they do it in the right way by providing the browser without CDM but giving it the ability to use CDM by allowing the user to freely download it.

So don't install the CDM. Mozilla has a valid point when they worry users will abandon Firefox to watch DRM material on Chrome. These users obviously don't care about free software and will offer themselves into slavery to the content providers. Enough people stop using Firefox, Mozilla disappears. But you can still have open source Firefox without CDM if you don't download the CDM. It seems a reasonable compromise/setup by Mozilla to me. I won't be installing the CDM from Adobe. But hopefully it will stop another from abandoning Firefox for Chrome just 'cause Chrome plays the latest Transformers movie or something.

With all due respect, Flash is NEVER going to be depreciated as a GAME delivery mechanism. Maybe online videos will stop using Flash, but browser games? Not damned likely.

Edit: On the subject of the article, I have to say that I foresaw this decision by Mozilla. I knew that as soon as Chrome, Opera, Safari and Internet Explorer ALL supported html5 DRM, Mozilla would have to support it.

I know it eats at them to have DRM (which a lot of them believe is not necessary on the internet today) embedded in their browser but sometimes you just have to bow to realism.

I strongly disagree. They took a pragmatic approach, but that is different from a sensible approach. With this approach, video I should lawfully be able to view (e.g. a Netflix stream) will not work if I build a browser for a platform that is not supported by a closed source component. (snip)